Russian hackers target NATO, US organizations with phishing campaigns: Google

A new Google report found that Russian-backed hackers have tried to get inside the networks of NATO, U.S.-based nongovernmental organizations and the militaries of several Eastern European countries. 

The hackers, referred to as Calisto or Coldriver, launched phishing campaigns also targeting U.S. think tanks, the military of a Balkans country and a Ukraine-based defense contractor, per Google.

“These campaigns were sent using newly created Gmail accounts to non-Google accounts, so the success rate of these campaigns is unknown,” the report said. “We have not observed any Gmail accounts successfully compromised during these campaigns.”

The report comes amid heightened security and warnings from U.S., European Union and NATO officials against possible Russian cyberattacks following Russia’s invasion of Ukraine in February.

Secretary of State Antony Blinken announced on Thursday additional sanctions on Russia’s tech companies and cyber actors following malicious cyber activities. 

“The United States will continue to hold President Putin’s cyber actors to account for disruptive, destructive, or otherwise destabilizing cyber activity targeting the United States and its allies and partners,” Blinken said in a statement. 

The U.S. and its allies imposed crippling economic sanctions against Russia following the invasion of Ukraine, including cutting off the country from roughly $600 billion in reserves held by the Central Bank of Russia and blocking the country’s access to the U.S. dollar. 

“We will continue to target President Putin’s war machine with sanctions from every angle, until this senseless war of choice is over,” Blinken said, referring to the Russian leader. 

The Google report also found hacks from other nation-state threat actors including China and Belarus. A hacker group known as Curious Gorge, associated with the Chinese government, launched phishing campaigns against government and military organizations in Ukraine, Russia, Kazakhstan and Mongolia.

“While this activity largely does not impact Google products, we remain engaged and are providing notifications to victim organizations,” the report said of the Chinese hack. 

Google said it has seen an increase in cyber activity from different threat actors using the war in Ukraine to launch phishing and malware campaigns. The hacks have also been financially motivated, as one threat actor impersonated “military personnel to extort money for rescuing relatives in Ukraine.”

“Government-backed actors from China, Iran, North Korea and Russia, as well as various unattributed groups, have used various Ukraine war-related themes in an effort to get targets to open malicious emails or click malicious links,” the report said.